package cn.tom.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity  //加入到 Filter
public class SecurityConfig {
    @Autowired
    AuthenticationConfiguration authenticationConfiguration;

    @Bean
    PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
        //相同的密码 123456  , 加密的结果不一样
    }

    @Bean
    public AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration)
            throws Exception {
        return authenticationConfiguration.getAuthenticationManager();
    }

    @Bean
        //@EnableWebSecurity  //加入到 Filter  才能让 http 参数变量识别到
    SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/api/login")
                .permitAll()
                .antMatchers("/", "/static/**", "/*.html", "/js/**", "/css/**", "/img/**")
                .permitAll()
                .antMatchers("/api/public/**")
                .permitAll()
                .antMatchers("/test/**")
                .permitAll()
                .antMatchers("/api/adm/**")
                .hasAuthority("adm")
                .antMatchers("/alipay/**")
                .permitAll()
                .antMatchers("/excelDow/**")
                .permitAll()
                .antMatchers("/api/fore/**")
                .hasAuthority("usr")
                .antMatchers("/swagger-ui.html").permitAll()
                .antMatchers("/webjars/**").permitAll()
                .antMatchers("/swagger-resources/**").permitAll()
                .antMatchers("/v2/*").permitAll()
                .antMatchers("/csrf").permitAll()
                .anyRequest().authenticated()
                //剩下请求， 登录成功就可以访问
                .and()
                .formLogin()
                .loginProcessingUrl("/api/login")
                .permitAll()  // 表单登录  permit 允许
                .and()
                .csrf().disable()
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS) //不创建session对象
                .and()
                .addFilter(new JwtAuthenticationFilter(authenticationConfiguration.getAuthenticationManager()))
                .addFilter(new JwtAuthorizationFilter(authenticationConfiguration.getAuthenticationManager()))
                 //授权异常处理
                .exceptionHandling().authenticationEntryPoint(new JwtAuthenticationEntryPoint())
                .accessDeniedHandler(new JwtAccessDeniedHandler());
        return http.build();
    }
}
